|What are the limits of domain registration and website operation anonymity?|
Any risk of discovery by government agencies? How best to remain anonymous?
| 1:05 am on Feb 22, 2006 (gmt 0)|
I've found a popular misspelling of a high-traffic foreign government website has been unregistered. I'd like to register the domain and then publish some data about this government's atrocities. (Would open up an account anonymously with a free webhost to publish the webpages.)
However, I was wondering if I even paid extra to hide my info. in the WhoIs, is it possible for this government secret services to trace the owner? Can they hack into the registrar's site (or have insiders who collude with them) and get someone's info.?
I would register domain and create/update website only from Internet Cafes without visiting any of my own websites at the same time. Could also use false registrant data for the domain. Only one obstacle is paying for the domain name... can trace owner through creditcard, Paypal and every other method I can think of. Ideas?
Would rather not register if even 1% chance they can trace owner, because this government's secret services are among the nastiest in the world and regularly cause serious harm to people even outside their own country.
Every other misspelling of this government's websites have been registered, but they are just parked PPC landing pages.
| 2:03 am on Feb 22, 2006 (gmt 0)|
|I've found a popular misspelling of a high-traffic foreign government website |
What, exactly, is foreign (other than the country you live in, of course)? I'm not asking you to be specific, just addressing it in the abstract, because your entire question depends on which "foreign" you mean.
|is it possible for this government secret services to trace the owner? |
Surely, you jest :-) Any government on the planet can track you down (especially the way you're contemplating), and bump you off if you're a big enough threat.
|I would register domain and create/update website only from Internet Cafes without visiting any of my own websites at the same time. Could also use false registrant data for the domain. Only one obstacle is paying for the domain name... can trace owner through creditcard, Paypal and every other method I can think of. Ideas? |
Ahh... there's the rub. Unless you can do it with cash, they can track you down in no time at all.
|Would rather not register if even 1% chance they can trace owner, because this government's secret services are among the nastiest in the world and regularly cause serious harm to people even outside their own country. |
If that's the case, my considered advice is to not register ;-)
| 2:22 am on Feb 22, 2006 (gmt 0)|
You can buy nameless, disposable, pre-paid debit cards to make your purchases.
The government would have no problem finding you if they were inclined to do so- just ask Bin Laden. Free speech rights would prevent them from acting against you solely because of the content of your site, assuming no laws are broken on your part.
I've done much worse. ;)
| 2:33 am on Feb 22, 2006 (gmt 0)|
IF, they even bother to find out, they will. You can't hide if they really want to find you, let's face it.
| 4:21 am on Feb 22, 2006 (gmt 0)|
|You can buy nameless, disposable, pre-paid debit cards to make your purchases. |
1lit, how important is this to you? If your site eventually does well, gets noticed, gets lots of traffic, and is a big threat, then by dedicating many hours and much thought to avoiding whomever's <secret police>, you might get lucky and be okay. (Of course, you might be greatly overrating your importance and they won't care anyway.)
If it were life and death, then yeah, damn the torpedoes and go for it. With a risk margin of 1%, it's best to not launch in the first place.
And on a personal note: I have a real craving for chocolate right now, and the nearest open store is many kilometres away. Maybe I'll have a cup of coffee and toast...
[edited by: Webwork at 1:19 am (utc) on Feb. 23, 2006]
| 9:11 pm on Feb 22, 2006 (gmt 0)|
Things are becoming more possible every single day. I can't imagine the Secret Service not being able to track you down.
That disposable prepaid card thing's a good idea. :)
| 10:10 pm on Feb 22, 2006 (gmt 0)|
It would be easy for a secret service to track you
Even if you are paying to hide yoru actual whois info,ist always availabel at Registry level
| 10:27 pm on Feb 22, 2006 (gmt 0)|
1Lit since you already have so many misgivings just thinking about setting up this site I would suggest not to do it. Paranoia would get the better of you before the secret service does.
| 10:45 pm on Feb 22, 2006 (gmt 0)|
What exactly is the value of using the misspelling? Wouldn't any web site critical of said government be succeptable to to investigation?
I believe you could hide your identity though. If you did the prepaid thing and gave false info when you setup the domain they couldn't trace it to you. Then if you only used public access points like web cafes whenever dealing with the site you would also be fairly safe. You should never pay for that access using a credit card and it would be best if the access was free. If you repeatedly used the same access point people could start to recognize you.
[edited by: Webwork at 1:17 am (utc) on Feb. 23, 2006]
[edit reason] Let's steer clear of politics [/edit]
| 12:12 am on Feb 23, 2006 (gmt 0)|
|Then if you only used public access points like web cafes whenever dealing with the site you would also be fairly safe. |
Doubtful [google.com] if you published anything that a police force (foreign or domestic) found sufficiently interesting/aggravating...
| 1:24 am on Feb 23, 2006 (gmt 0)|
Folks, let's steer well clear of politics, which country's government is more likely to cause trouble, and anything else outside the central questions:
- What are the limitations to anonymity when it comes to operating a website or registering a domain name?
- Where are the identity leaks likely to occur?
- What steps can you take to minimize identiry leakage?
This thread is NOT about anything to do with promoting illegal or abusive use of anonymity, so let's not go there.
There are legitimate reasons for wishing to keep a low profile. Let's assume that and stick to that assumption or premise moving forward.
[edited by: Webwork at 1:28 am (utc) on Feb. 23, 2006]
| 1:27 am on Feb 23, 2006 (gmt 0)|
|Could also use false registrant data for the domain. |
The government agency can petition icann to cancel your domain registration for using false whois information.
| 1:39 am on Feb 23, 2006 (gmt 0)|
I agree: definitely use a disposable debit/credit card (bought with cash) to set up a basic dialup/POP account with, say, some random Internet provider or AOL. Use AOL or small Internet provider email to register for gmail or hotmail or other free email address. Perhaps go a few levels deep and use the hotmail address to get a yahoo address, yahoo to get a gmail address, then dump the AOL/Internet account and the other free ones. Change your email every few months. Maybe if you have a friend in another country, have them set up a postal box for you. Change this every few months. Use the free email account as the whois email, and the postal box for the postal address with whois. For the telephone number, perhaps get an eFax with voicemail (or even without), also with the disposable debit card. Also take advantage of whois privacy protection.
Gather a list of anonymous proxies, preferably in different countries, and only update the site through those even at an Internet cafe.
I'd go through as many levels of things as I could, basically, at every step to try to lay false trails.
They could still probably find you, but would it be worth it to try? I don't know how ruthless the government in question is, so I can't answer that.
| 8:21 pm on Feb 24, 2006 (gmt 0)|
JollyK, you seem to have all bases covered ;)
I'm not frightened to be controversial and stand up for the weak and oppressed, even if it angers their oppressors. I worked for years as a journalist and have had nasty threats before (there will always some group or other who doesn't like at least one thing you write). The British police has caused me bother for going on anti-Capitalist demos. But, believe me, this country is far nastier than the USA and UK.
Apart from the credit card link, I honestly can't see how anybody can trace anybody if they do everything in (different) internet cafes (avoiding CCTV cameras which have more in London than any city in the world): register domain, register for free webhosting account with made-up details and drop-in website.
I think would be risky/stupid/mentally taxing to update site regularly - just want to throw up a few pages, register domain for 10 years and not bother about it.
Which specific credit cards can buy for cash? Anybody know of any in the UK?
| 9:08 pm on Feb 24, 2006 (gmt 0)|
Heh. I know for a fact I don't have all the bases covered, but that was all I could think of on the spur of the moment. Basically, cash-cash-cash, and as many levels of obfuscation as possible. If this were a black-hat discussion, there are a lot of other things you could do by taking advantage of security vulnerabilities in servers worldwide, but let's not go there. :-)
I don't know about the UK specifically, but I do know that you can get "American Express Gift Cards" in the US in various denominations which can be used anywhere American Express is accepted. They even have a CVV2 number on the back and an expiration date.
I'm not entirely sure how they work for AVS, though, so that might be an issue. On the other hand, they may be set up such that ANY address comes up as valid on an AVS check.
Last August, there were rumblings that Permanent TSB and Visa have teamed up to offer a disposable debit card kind of thing. They tested it in Dublin last summer, and planned to offer it in the UK and Europe in the "near future." I haven't seen any more on that since, though. MBNA Europe launched a Visa gift card in partnership with "The Trafford Centre" (no idea what that is) back in June of last year, supposedly, but I couldn't find out how to get one on either MBNA or Trafford's websites.
I've had a difficult time finding concrete information on where one can get a Visa gift card in the UK!
| 11:01 pm on Mar 3, 2006 (gmt 0)|
This subject has been on my mind as well. I would like to start a site that involves monitoring police behavior, but I'd actually like an adsense account on it to recover something on the investment. I'm not so much worried about my own safety as making sure family wouldn't be a target of retribution.
Is there some firm out there that specializes in cloaking the identity of a website's publisher? I understand that's another medium which could lead to exposure, but for those who don't know how to execute all the layers of tricks to protect their identities...it might be a more realistic alternative.
| 11:15 pm on Mar 9, 2006 (gmt 0)|
If you believe a foreign entity will be willing to send someone to hurt you, then surely they would send someone to reconnoiter the internet cafes that you use.
So, you'd have to use a different internet cafe each time. That would rapidly become impractical unless you have the budget to travel progressively farther distances each day.
Even if you add "borrowing" people's open wi-fi hotspots, there would still be a clearly traceable "circle" of activity, probably centered on your home.